Professional Documents
Culture Documents
Operational Risk
Operational Risk
Operational Risk
g
Business Dialogue
KPMG Luxembourg, 23rd May 2012
Operational
p
Risk
Sven Muehlenbrock, Head of Financial Risk Management
Francesca Messini, FRM, Financial Risk Management
Bertrand Segui, Actuary, Financial Risk Management
Agenda
Introduction
Well known cases
Regulatory Framework
Operational Risk Management Process
The benefit to implement an operational risk management framework
Hints on implementing an operational risk management and
measurement system
What is next?
KPMG Solution
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Barings case
The trader Nick Leeson led to a loss
of USD 1.4 bio at his employer
Barings Plc Bank, that declader
bankruptcy, taking a position in
derivates.
1994
SocGen case
The trader Jerome Kerviel led to a
loss of EUR 4.9 bio at his employer
SocGen, taking a massive
unidirectional position in European
equity index futures in 2007 and
2008
2008
Unsuitable investments
JP Morgan, UBS, Depfa Bank and
Deutsche Bank paid approximately
USD 602.4 mio to municipalities of
Milan, Italy, for selling complex
derivatives inappropriate for
inexperienced investors
2012
Clients, products
and business
practices events
continue to make up
the majority of the
top five losses each
month.
Source: SAS Software
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Operational risk is defined as the risk of loss resulting from inadequate or failed
internal processes, people and systems or from external events.
This definition includes legal risk, but excludes strategic and reputational risk
Cause
Internal
(process, people
and systems)
External
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Impact
Customers claim
Near misses
Forgone Revenue
Repurchase of stuff
Fine from authority
Agenda
Introduction
Well known cases
Regulatory Framework
Operational Risk Management Process
The benefit to implement an operational risk management
Hints on implementing an operational risk management and
measurement system
What is next?
KPMG Solution
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Insurance companies
Basel II / III
Solvency II
Level 2 implementation
measures, CP 52, final advice
AIFMD (RTS)
Three-pillar approach
Pillar 1
Quantitative capital
requirements
Pillar 2
Qualitative supervisory
review
Pillar 3
Market discipline
Own Funds
ICAAP
Transparency
Market Risk
p
y Review
Supervisory
Process (SRP)
Disclosure requirements
q
Credit Risk
Operational Risk
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Standard Approach*
SA
Regulatory Capital = GI *BL
Regulatory Capital =
regular
l reporting
ti and
d good
d documentation;
d
t ti
BIA
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
sophisticattion
AMA
Operational Risk
AIF
AIFM
Examples:
Failures in trading,
settlement and valuation
services
Etc.
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
activities of AIFM
QUAL
QUANT
Professional
Indemnity
Insurance (PII)
Additional Own
Funds
0.01% * AuM
Can be lowered to 0.008% provided AIFM can demonstrate that liability risk is
adequately captured, based on historical loss data and minimum historical
observation of 3 years
Implement an effective internal operational risk management policies and
procedures
It shall be performed by an independent function
Record and make use of historical internal loss data, external data, scenario
analysis and factors reflecting internal controls
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Under Solvency II, there are two ways to calculate the exposure to operational risk
Standard Formula
Advantage:
- Simple to implement and fast calculation
- Doesnt require to create sophisticated models
- Already approved by the regulator
Inconvenients:
- The formula is deterministic and doesnt fit to every business
- The calibration has been done on the whole insurance market and may be totally inappropriate for
specific
ifi iinsurance off reinsurance
i
companies
i lleading
di to potential
i l overestimation
i
i off the
h capital
i l charge
h
- The formula remains static and doesnt integrate any update of the companys historical losses
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Excess of
capital
Solvency
Margin
Required
((SMR))
ASSETS
In book value
Capital
In non-life:
Technical
Provisions
In life:
SMR 4 %. P 2 %. Riskycapit al
NO RISK MANAGEMENT
The operational risk had NO impact on the
solvency margin
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Market
Health
Default
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Life
Non-life
Intangible
12
BSCR
Market
Health
Default
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Life
Non-life
Intangible
13
Adj
Market
Health
BSCR
Default
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Operational
Life
Non-life
Intangible
14
Adj
Market
Health
BSCR
Default
Operational
Life
Non-life
Intangible
In the context of the standard formula, the operational risk is a function of the BSCR:
Operational Risk = Min ( 30% x BSCR ; Op ) + 25% Exp UL
Where:
- Op is a charge for all business other than Unit Linked products (simple formula expressed as
a % of premium and a % of the technical provisions)
- Exp UL represents the expenses incurred the last 12 months in respect with UL products
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Agenda
Introduction
Well known cases
Regulatory Framework
Operational Risk Management Process
The benefit to implement an operational risk management framework
Hints on implementing an operational risk management and
measurement system
What is next?
KPMG Solution
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Model
ode
risk
Credit
Risk
Liquidity
Liq
idit
risk
Operational
Risk
Some of the well-known
ell kno n e
examples
amples are
the market-related operational risk
events which are often associated with
rouge trading, unauthorized, leverage
operations or complex instruments
and new products.
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Market
risk
Business
Risk
It is integrated and
interfere with the
b i
business
off the
th
institution.
Operational
O
ti
l Ri
Risk
k
Management function has
a global picture of the risk
profile of the entire
instit tion
institution.
Internal
Audit
Private
Banking &
Asset
management
Back Office
Operational
Risk
Function
Legal
Accounting
Complian-ce
HR, IT,
Facility
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Front Office
Risk
Reporting
Risk
Identification
Risk
Assessment
Governan
nce and Orga
anization
Operational Risk
Management Framework
Business
Environment (KRI)
Control Factors
PRESENT-looking
Scenario Analysis
FORward-looking
Ri k Policy
Risk
P li &
Strategy
Risk
M
Management
t
& Monitoring
Risk
Reporting
Risk
Identification
Risk
Assessment
All risks as well as root causes of losses are identified and mapped
pp to the banks risk classification ((Basel II
Event Type) and the potential impact estimated (how, where, how much)
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
External Fraud
Employment Practices
and Workplace Safety
Losses arising from loss or damage to physical assets from natural disaster or
other events (terrorism, vandalism).
Execution,, Delivery
y and
Process Management
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
The instruments usually used in order to identify ex ante, and then monitor and
calculate the exposure to operational risk are:
Business
Environment (KRI)
Control Factors
BACKward-looking
PRESENT-looking
Scenario Analysis
FORward-looking
In the regulation these instruments are identified as the key building blocks of risk
measurements, BUT it does not elaborate on how to put them together.
I tit ti
Institutions
have
h
the
th tasks
t k off finding
fi di
the
th mostt appropriate
i t way!!
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Ri k Policy
Risk
P li &
Strategy
Risk
M
Management
t
& Monitoring
Risk
Reporting
Risk
Identification
The Operational
p
Risk Function assesses the
risk exposure both in qualitative and
quantitative term.
The assessment of an incident or a potential
risk aims at quantifying the risk in financial
terms using
i either
i h simple
i l or sophisticated
hi i
d
methodologies like simulation using Monte
Carlo approach.
Risk
Assessment
Think the unthinkable! Integrate the backward-looking view with the forward-looking
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Operational Risk
Assessment with LDA Model Overview
The most popular method in the industry to satisfy the highest standards is the loss
distribution approach (LDA)
INPUT
OUTPUT
Adjustments: KRI,
mitigation factors
(i e insurance
(i.e.
insurance, ect)
Frequency Distribution
External losses
Loss Distribution
Body Tail
Internal losses
Severity Distribution
Monte
Carlo
Simulation
Body
Expected
Loss
Scenario data
T il
Tail
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
99.5 /99.9%
Quantile
Step 1: Inputs
Convert those events into scenarios:
Scenario 1
Scenario 2
Scenario 3
Scenario 4
Frequency
(
(years)
)
3/50
5/50 = 1/10
2/50 = 1/25
7/50
As the number of losses may remain an insufficient basis, one more scenario deemed relevant can
be added:
*T
Terrorism
i
attack
tt k
Scenario 5
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
1/200
Step 2:
We translate the severity information into a scale distribution of severity and we fit the best
parametric distribution
Frequencies
1
Losses (Severity)
Step 3
W suppose than
We
th severity
it and
d frequency
f
are two
t
independent
i d
d t random
d
variables
i bl and
d we simulate
i l t
them independently
Excel sheet
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Risk
Reporting
Risk
Identification
BoD Senior
Management
Risk
Assessment
Operational
O
i
l Ri
Risk
kM
Management
Function
Unit A
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Unit B
Unit C
Internal view
External view
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Risk
Management
& Monitoring
Risk
Reporting
Risk
Identification
Risk
Assessment
H
AVOID
severityy
TRANSFER
ACCEPT
MITIGATE
L
frequency
Limitation or stop of
product / project
Change investment type
High Frequency / Low Severity events
Enhancement of internal controls
Business Continuity Planning (systems, supplier,
staff and workspace)
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Hints
on implementing a operational risk management and measurement system
Data integrity:
use of external loss data
data, which require a mapping or scaling to the firms own data
poor-quality of internal loss data creeping into model assumptions
Perform scenario analysis using a bottom
bottom-up
up approach
Increase the operational risk culture in the firm
Do not ignore tools like Key Risk Indicators (KRIs) for monitoring operational risk
Standard IT tool to centrally collect all data (for instance internal losses, breaches, external losses,
findings, etc.) and related information (mitigation actions taken, procedures)
Advanced approaches: stress testing & sensitivity analysis in the scope of model validation
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
What is next?
Ongoing updates: for bank AMA model change Policy (EBA GL 45; CSSF Circular 12/535)
Looking for more sensible approaches
under discussion the alfa and beta indicators used in the BIA and SA for banks
replace the Gross Income as indicator
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
KPMG Solutions
Impact study
(cost-benefit analysis)
KPMG
Assistance in the
implementation of advance
models and in obtaining
regulatory approval
2012 KPMG Luxembourg S. r.l., a Luxembourg private limited company, is a subsidiary of KPMG Europe LLP and a member of the
KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights
reserved.
Assistance in operational
risk modeling